mirror of https://git.kore.io/kore.git
add ssl_no_compression option to allow one to disable OpenSSL compression.
This commit is contained in:
parent
429768ba37
commit
bbfbfc4c61
|
@ -230,6 +230,7 @@ extern char *kore_pidfile;
|
|||
extern char *config_file;
|
||||
extern char *kore_ssl_cipher_list;
|
||||
extern DH *ssl_dhparam;
|
||||
extern int ssl_no_compression;
|
||||
|
||||
extern u_int8_t nlisteners;
|
||||
extern u_int64_t spdy_idle_time;
|
||||
|
|
|
@ -34,6 +34,9 @@ load modules/example/example.module
|
|||
# a generated DH key (See OpenSSL dhparam).
|
||||
#ssl_dhparam dh2048.pem
|
||||
|
||||
# Set this if you want to disable SSL zlib compression.
|
||||
#ssl_no_compression
|
||||
|
||||
# Specify the amount of seconds a SPDY connection is kept open.
|
||||
# You can keep it open indefinately by setting this to 0.
|
||||
#spdy_idle_time 120
|
||||
|
|
10
src/config.c
10
src/config.c
|
@ -35,6 +35,7 @@ static int configure_certkey(char **);
|
|||
static int configure_max_connections(char **);
|
||||
static int configure_ssl_cipher(char **);
|
||||
static int configure_ssl_dhparam(char **);
|
||||
static int configure_ssl_no_compression(char **);
|
||||
static int configure_spdy_idle_time(char **);
|
||||
static void domain_sslstart(void);
|
||||
|
||||
|
@ -49,6 +50,7 @@ static struct {
|
|||
{ "dynamic", configure_handler },
|
||||
{ "ssl_cipher", configure_ssl_cipher },
|
||||
{ "ssl_dhparam", configure_ssl_dhparam },
|
||||
{ "ssl_no_compression", configure_ssl_no_compression },
|
||||
{ "spdy_idle_time", configure_spdy_idle_time },
|
||||
{ "domain", configure_domain },
|
||||
{ "chroot", configure_chroot },
|
||||
|
@ -203,6 +205,14 @@ configure_ssl_dhparam(char **argv)
|
|||
return (KORE_RESULT_OK);
|
||||
}
|
||||
|
||||
static int
|
||||
configure_ssl_no_compression(char **argv)
|
||||
{
|
||||
ssl_no_compression = 1;
|
||||
|
||||
return (KORE_RESULT_OK);
|
||||
}
|
||||
|
||||
static int
|
||||
configure_spdy_idle_time(char **argv)
|
||||
{
|
||||
|
|
|
@ -19,6 +19,7 @@
|
|||
struct kore_domain_h domains;
|
||||
struct kore_domain *primary_dom = NULL;
|
||||
DH *ssl_dhparam = NULL;
|
||||
int ssl_no_compression = 0;
|
||||
|
||||
void
|
||||
kore_domain_init(void)
|
||||
|
@ -78,6 +79,9 @@ kore_domain_sslstart(struct kore_domain *dom)
|
|||
SSL_CTX_set_options(dom->ssl_ctx, SSL_OP_SINGLE_DH_USE);
|
||||
}
|
||||
|
||||
if (ssl_no_compression)
|
||||
SSL_CTX_set_options(dom->ssl_ctx, SSL_OP_NO_COMPRESSION);
|
||||
|
||||
SSL_CTX_set_mode(dom->ssl_ctx, SSL_MODE_RELEASE_BUFFERS);
|
||||
SSL_CTX_set_cipher_list(dom->ssl_ctx, kore_ssl_cipher_list);
|
||||
SSL_CTX_set_mode(dom->ssl_ctx, SSL_MODE_ENABLE_PARTIAL_WRITE);
|
||||
|
|
Loading…
Reference in New Issue